Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through...
5.3CVSS
6.3AI Score
0.0004EPSS
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with...
6.4CVSS
5AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40...
5.9CVSS
4.9AI Score
0.0005EPSS
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary...
9.8CVSS
9.4AI Score
0.003EPSS